diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/chilli/condown.sh mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/chilli/condown.sh
--- smeserver-coova-chilli-0.1/root/etc/chilli/condown.sh 2008-09-01 14:16:56.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/chilli/condown.sh 2008-09-01 13:26:53.000000000 +0200
@@ -1,5 +1,13 @@
 #!/bin/bash
-SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
-/sbin/iptables -D IN_FROM_CHILLI -s $FRAMED_IP_ADDRESS -p tcp --dport $SQUID_PORT --syn -j ACCEPT
+SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
+WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
+
+if [[ $SQUID_STATUS=='enabled' && $WEB_REQ=='squid' ]]; then
+ SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
+ /sbin/iptables -D IN_FROM_CHILLI -s $FRAMED_IP_ADDRESS \
+ -p tcp --dport $SQUID_PORT --syn -j ACCEPT
+ /sbin/iptables -t nat -D PREROUTING_FROM_CHILLI -s $FRAMED_IP_ADDRESS \
+ -p tcp --dport 80 -j DNAT --to $ADDR:$SQUID_PORT
+fi
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/chilli/conup.sh mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/chilli/conup.sh
--- smeserver-coova-chilli-0.1/root/etc/chilli/conup.sh 2008-09-01 14:16:57.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/chilli/conup.sh 2008-09-01 13:27:04.000000000 +0200
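Review bot: The new test `[[ $SQUID_STATUS=='enabled' && $WEB_REQ=='squid' ]]` is always true, because without spaces around `==` each operand is a single non-empty word rather than a comparison, so the iptables deletions run whatever the squid status and WebRequests settings are. It should read `if [[ "$SQUID_STATUS" == 'enabled' && "$WEB_REQ" == 'squid' ]]; then`. The conup.sh hunk has the same condition, where the effect is that the DNAT to `$ADDR:$SQUID_PORT` and the ACCEPT for the squid port are inserted for every client even when WebRequests is `direct`. Once the test is real, condown.sh should probably delete the rules unconditionally and tolerate a missing rule, since a setting changed while a client is connected would otherwise leave that client's rules behind for the next holder of the address.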
@@ -1,9 +1,12 @@
 #!/bin/bash
-SQUID=$(/sbin/e-smith/db configuration getprop squid status)
+SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
+WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
-if [ $SQUID=='enabled' ]; then
- SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
+if [[ $SQUID_STATUS=='enabled' && $WEB_REQ=='squid' ]]; then
+ SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
+ /sbin/iptables -t nat -I PREROUTING_FROM_CHILLI 4 -s $FRAMED_IP_ADDRESS \
+ -p tcp --dport 80 -j DNAT --to $ADDR:$SQUID_PORT
 /sbin/iptables -I IN_FROM_CHILLI 7 -s $FRAMED_IP_ADDRESS \
 -p tcp --dport $SQUID_PORT --syn -j ACCEPT
 fi
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing
--- smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing 2008-09-01 13:29:22.000000000 +0200
@@ -0,0 +1 @@
+tcp:any:443
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed
--- smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed 2008-04-07 16:06:31.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed 2008-09-01 13:33:39.000000000 +0200
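Review bot: The inserts at fixed positions, `-I PREROUTING_FROM_CHILLI 4` and `-I IN_FROM_CHILLI 7`, depend on how many rules the masq templates put in those chains, and iptables rejects an insert whose index is beyond the end of the chain. The script does not check the exit status of either command, so a client could come up without its redirect and nothing would be reported. `$FRAMED_IP_ADDRESS`, `$ADDR` and `$SQUID_PORT` are also expanded unquoted, and the first two are not assigned in the visible lines (presumably they come from chilli's environment). Quoting them and stopping when one is empty, e.g. `[[ -n "$FRAMED_IP_ADDRESS" && -n "$ADDR" && -n "$SQUID_PORT" ]] || exit 1`, would keep a malformed iptables command from being run.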
@@ -1 +1 @@
-tcp:www.firewall-services.com:80,tcp:coova.org:80,tcp:smeserver.org:80,tcp:sourceforge.net:80
+tcp:www.firewall-services.com:80,tcp:coova.org:80,tcp:smeserver.org:80,tcp:sourceforge.net:80,tcp:static.sourceforge.net:80
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests
--- smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests 2008-09-01 12:11:17.000000000 +0200
@@ -0,0 +1 @@
+direct
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli/config/20radconf mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli/config/20radconf
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli/config/20radconf 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli/config/20radconf 2008-09-01 13:19:30.000000000 +0200
@@ -0,0 +1,2 @@
+HS_RADCONF=off
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli.conf/50radius mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli.conf/50radius
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli.conf/50radius 2008-04-04 18:17:32.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/chilli.conf/50radius 2008-09-01 14:16:54.000000000 +0200
@@ -1,7 +1,8 @@
 radiusserver1 127.0.0.1
 radiusserver2 127.0.0.1
 radiussecret {$chilli{'radiussecret'} || 'azerty';}
-radiusauthport 1812
+radiusauthport {$radiusd{'UDPPort'} || '1812';}
 radiusacctport 1813
 radiusnasid chilli
+radiustimeout 1
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2008-09-01 14:16:57.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2008-09-01 13:34:19.000000000 +0200
@@ -8,6 +8,10 @@
 /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
 /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
 /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+ # Allow http for un-authenticated clients so uamallowed works
+ # Https need to be allowed in AllowedOutgoing
+ /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 80 -j ACCEPT
+
 HERE
 # Allow services specidied in AllowedOutgoing
@@ -43,3 +47,4 @@
 $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog\n\}\n";
 }
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting 2008-09-01 14:16:57.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting 2008-09-01 12:43:50.000000000 +0200
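Review bot: `radiusauthport` now follows `$radiusd{'UDPPort'}` while `radiusacctport` stays fixed at 1813, so if the RADIUS port is moved, accounting requests may still go to the old port; whether the local radiusd derives its accounting port from the auth port is not visible here and should be checked. `radiustimeout 1` is added without explanation, and a comment such as `# radiustimeout 1: RADIUS server is on loopback (127.0.0.1)` would tell whoever later points this template at a remote server that the value needs revisiting. The fallback secret `'azerty'` on the unchanged `radiussecret` line is a guessable default that this change leaves in place.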
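Review bot: The added `/sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 80 -j ACCEPT` in the first hunk of 00Functions01Chilli40forwardFrom has no destination match, so it accepts TCP/80 from the hotspot network to every destination that reaches this chain, not only the uamallowed hosts, and it sits ahead of the AllowedOutgoing rules. If the restriction for un-authenticated clients is expected to be enforced by chilli itself, the comment should say so, for example `# chilli enforces uamallowed before packets reach this chain; this rule only lets that traffic through`. If internal networks are reachable through FORWARD, consider excluding them from this rule. The heredoc the rule is added to begins above the hunk.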
@@ -19,6 +19,11 @@
 next unless $ip =~ /^${ReIpAddr}$/;
 $OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ip -j DNAT --to $chillip\n";
 }
+
+# Accept other connexions in order to skip other pre-routing rules. Note that packets will be filtered
+# in the FORWARD_FROM_CHILLI chain
+$OUT .=" /sbin/iptables -t nat -A PREROUTING_FROM_CHILLI -j ACCEPT\n";
+
 $OUT .= "\}\n";
 }
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli 2008-04-05 01:34:40.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli 2008-09-01 13:10:22.000000000 +0200
@@ -1,5 +1,6 @@
 {
-if ($chilli{'status'} eq 'enabled'){
+if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
+ (($chilli{'WebRequests'} || 'direct') eq 'squid')){
 my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access76AllowChilli mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access76AllowChilli
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access76AllowChilli 2008-04-05 01:34:40.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/squid/squid.conf/40http_access76AllowChilli 2008-09-01 13:10:37.000000000 +0200
@@ -1,5 +1,6 @@
 {
-if ($chilli{'status'} eq 'enabled'){
+if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
+ (($chilli{'WebRequests'} || 'direct') eq 'squid')){
 $OUT = "http_access allow chillisrc\n";
 }
 }